<?php

namespace StarCloud\Library;

use Phalcon\Di;

class WechatThirdPlatform
{
    protected $cacheClass;
    protected $appId = "wx2cae6c751988bd54";
    protected $appSecret = "afd12286eb8e30c3c6a84da5f291791b";
    protected $encodingAesKey = 'starcloudstarcloudstarcloudstarcloudstarclo';
    protected $token = "starcloud";
    protected $access_token = "";
    protected $component_verify_ticket = "";
    protected $redirect_uri = 'http://starcloud.zggfyd.cn/api/openwechat/%s/get_oauth_info';

    const API_URL_PREFIX = 'https://api.weixin.qq.com/cgi-bin';

    const API_START_PUSH_TICKET = '/component/api_start_push_ticket';
    const AUTH_URL = '/component/api_component_token';
    const AUTH_PREAUTHCODE = '/component/api_create_preauthcode?';
    const AUTH_QUERY = '/component/api_query_auth?';
    const AUTH_AUTHORIZER_INFO = '/component/api_get_authorizer_info?';

    public function __construct()
    {
        $config = Di::getDefault()->get('config')['wechat_third_platform'];
        isset($config['appId']) && $this->appId = $config['appId'];
        isset($config['appSecret']) && $this->appSecret = $config['appSecret'];
        isset($config['encodingAesKey']) && $this->encodingAesKey = $config['encodingAesKey'];
        isset($config['token']) && $this->token = $config['token'];
        isset($config['redirect_uri']) && $this->redirect_uri = $config['redirect_uri'];
        isset($config['appId']) && $this->appId = $config['appId'];

        $this->cacheClass = Di::getDefault()->get('redis');
    }

    public function getConfig($appId = '')
    {
        return [
            'appid' => $this->appId,
            'access_token' => $this->getAppAccessToken($appId),
            'token' => $this->token,
            'encrypt_type' => $_GET['encrypt_type'] ?? '',
            'encodingaeskey' => $this->encodingAesKey
        ];
    }

    public function getAppId()
    {
        return $this->appId;
    }

    public function getToken()
    {
        return $this->token;
    }

    public function getEncodingAesKey()
    {
        return $this->encodingAesKey;
    }

    public function setAppAccessToken($businessAppId, $appAccessToken)
    {
        $this->app_access_token = $appAccessToken;
        $cacheName = "app_access_token".$businessAppId;
        $this->setCache($cacheName, $appAccessToken, 3600 * 2 - 200);
    }

    public function getAppAccessToken($businessAppId)
    {
        if (empty($businessAppId)) {
            return  '';
        }
        $cacheName = "app_access_token".$businessAppId;
        return $this->getCache($cacheName);
    }

    public function setAccessToken($token)
    {
        $this->access_token = $token;
    }

    public function getAccessToken($token)
    {
        return $this->access_token;
    }

    public function setComponentVerifyTicket($ticket)
    {
        $this->component_verify_ticket = $ticket;
        $cacheName = "component_verify_ticket_".$this->appId;
        $this->setCache($cacheName, $ticket, 3600 * 11);
    }

    public function getComponentVerifyTicket()
    {
        $cacheName = "component_verify_ticket_".$this->appId;
        return $this->getCache($cacheName);
    }

    /**
     * 设置缓存，按需重载
     * @param string $cachename
     * @param mixed $value
     * @param int $expired
     * @return boolean
     */
    protected function setCache($cachename, $value, $expired)
    {
        //TODO: set cache implementation
        return $this->cacheClass->set($cachename, $value, $expired);
    }

    /**
     * 获取缓存，按需重载
     * @param string $cachename
     * @return mixed
     */
    protected function getCache($cachename)
    {
        return $this->cacheClass->get($cachename);
    }

    public function xmlToArray($postStr)
    {
        return (array)simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
    }

    /**
     * GET 请求
     * @param string $url
     */
    private function http_get($url)
    {
        $oCurl = curl_init();
        if (stripos($url, "https://")!==false) {
            curl_setopt($oCurl, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($oCurl, CURLOPT_SSL_VERIFYHOST, false);
            curl_setopt($oCurl, CURLOPT_SSLVERSION, 1); //CURL_SSLVERSION_TLSv1
        }
        curl_setopt($oCurl, CURLOPT_URL, $url);
        curl_setopt($oCurl, CURLOPT_RETURNTRANSFER, 1);
        $sContent = curl_exec($oCurl);
        $aStatus = curl_getinfo($oCurl);
        curl_close($oCurl);
        Di::getDefault()->get('logger')->info("Wechat Api $sContent");
        if (intval($aStatus["http_code"])==200) {
            return $sContent;
        } else {
            return false;
        }
    }

    /**
     * POST 请求
     * @param string $url
     * @param array $param
     * @param boolean $post_file 是否文件上传
     * @return string content
     */
    private function http_post($url, $param, $post_file=false)
    {
        $oCurl = curl_init();
        if (stripos($url, "https://")!==false) {
            curl_setopt($oCurl, CURLOPT_SSL_VERIFYPEER, false);
            curl_setopt($oCurl, CURLOPT_SSL_VERIFYHOST, false);
            curl_setopt($oCurl, CURLOPT_SSLVERSION, 1); //CURL_SSLVERSION_TLSv1
        }
        if (PHP_VERSION_ID >= 50500 && class_exists('\CURLFile')) {
            $is_curlFile = true;
        } else {
            $is_curlFile = false;
            if (defined('CURLOPT_SAFE_UPLOAD')) {
                curl_setopt($oCurl, CURLOPT_SAFE_UPLOAD, false);
            }
        }
        if (is_string($param)) {
            $strPOST = $param;
        } elseif ($post_file) {
            if ($is_curlFile) {
                foreach ($param as $key => $val) {
                    if (substr($val, 0, 1) == '@') {
                        $param[$key] = new \CURLFile(realpath(substr($val, 1)));
                    }
                }
            }
            $strPOST = $param;
        } else {
            $aPOST = [];
            foreach ($param as $key=>$val) {
                $aPOST[] = $key."=".urlencode($val);
            }
            $strPOST =  join("&", $aPOST);
        }
        curl_setopt($oCurl, CURLOPT_URL, $url);
        curl_setopt($oCurl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($oCurl, CURLOPT_POST, true);
        curl_setopt($oCurl, CURLOPT_POSTFIELDS, $strPOST);
        $sContent = curl_exec($oCurl);
        $aStatus = curl_getinfo($oCurl);
        curl_close($oCurl);
        Di::getDefault()->get('logger')->info("Wechat Api $sContent");
        if (intval($aStatus["http_code"])==200) {
            return $sContent;
        } else {
            return false;
        }
    }

    public function api_start_push_ticket()
    {
        $params = json_encode([
            "component_appid" => $this->appId,
            "component_secret" => $this->appSecret
        ]);

        $result = $this->http_post(self::API_URL_PREFIX . self::API_START_PUSH_TICKET, $params);

        return $this->formatResponse($result);
    }

    /**
     * 获取access_token
     * @param string $appid 如在类初始化时已提供，则可为空
     * @param string $appsecret 如在类初始化时已提供，则可为空
     * @param string $token 手动指定access_token，非必要情况不建议用
     */
    public function checkAuth()
    {
        $authname = 'test_component_access_token'. $this->appId;

        if ($rs = $this->getCache($authname)) {
            $this->access_token = $rs;
            return $rs;
        }

        $params = json_encode([
            'component_appid' => $this->appId,
            'component_appsecret' => $this->appSecret,
            'component_verify_ticket' => $this->getComponentVerifyTicket(),
        ]);

        $result = $this->http_post(self::API_URL_PREFIX.self::AUTH_URL, $params);
        if ($result) {
            $json = json_decode($result, true);
            if (!$json || isset($json['errcode'])) {
                $this->errCode = $json['errcode'];
                $this->errMsg = $json['errmsg'];
                return false;
            }
            $this->access_token = $json['component_access_token'];
            $expire = $json['expires_in'] ? intval($json['expires_in'])-100 : 3600;
            $this->setCache($authname, $this->access_token, $expire);
            return $this->access_token;
        }
        return false;
    }

    public function api_create_preauthcode()
    {
        if (!$this->access_token && !$this->checkAuth()) {
            return false;
        }
        $params = json_encode([
            'component_access_token' => $this->access_token,
            'component_appid' => $this->appId,
        ]);

        $result = $this->http_post(self::API_URL_PREFIX . self::AUTH_PREAUTHCODE . 'component_access_token='. $this->access_token, $params);

        if ($result) {
            $json = json_decode($result, true);

            return $json['pre_auth_code'] ?? false;
        }

        return false;
    }

    public function getOauthUrl($companyUid, $authType)
    {
        $params = [
            'component_appid' => $this->appId,
            'pre_auth_code' => $this->api_create_preauthcode(),
            'redirect_uri' => sprintf($this->redirect_uri, $companyUid),
            'auth_type' => $authType,
        ];

        return 'https://mp.weixin.qq.com/cgi-bin/componentloginpage?' . http_build_query($params);
    }

    public function api_query_auth($code)
    {
        if (!$this->access_token && !$this->checkAuth()) {
            return false;
        }
        $params = json_encode([
            'component_access_token' => $this->access_token,
            'component_appid' => $this->appId,
            'authorization_code' => $code,
        ]);

        $result = $this->http_post(self::API_URL_PREFIX . self::AUTH_QUERY . 'component_access_token='. $this->access_token, $params);

        if ($result) {
            $json = json_decode($result, true);

            if (isset($json['authorization_info']['authorizer_access_token'])) {
                $this->setAppAccessToken(
                    $json['authorization_info']['authorizer_appid'],
                    $json['authorization_info']['authorizer_access_token']
                );
            }

            return $json;
        }

        return false;
    }

    public function api_get_authorizer_info($authorizer_appid)
    {
        if (!$this->access_token && !$this->checkAuth()) {
            return false;
        }
        $params = json_encode([
            'component_access_token' => $this->access_token,
            'component_appid' => $this->appId,
            'authorizer_appid' => $authorizer_appid,
        ]);

        $result = $this->http_post(self::API_URL_PREFIX . self::AUTH_AUTHORIZER_INFO . 'component_access_token='. $this->access_token, $params);

        if ($result) {
            return json_decode($result, true);
        }

        return false;
    }

    protected function formatResponse($result)
    {
        if ($result) {
            Di::getDefault()->get('logger')->info("[Wechat Third Platform] api response :" . $result);
            $json = json_decode($result, true);
            if (!$json || !empty($json['errcode'])) {
                $this->errCode = $json['errcode'];
                $this->errMsg = $json['errmsg'];
                return false;
            }
            return true;
        }
        return false;
    }

    public function setPostXml($str)
    {
        $this->postxml = $str;
    }

    public function decryptMsg($params)
    {
        $crypt =  new WXBizMsgCrypt($this->token, $this->encodingAesKey, $this->appId);
        !empty($this->postxml)?$this->postxml:file_get_contents("php://input");
        $result = $crypt->decryptMsg($params['msg_signature'], $params['timestamp'], $params['nonce'], $this->postxml, $msg);
        return [$result, $msg];
    }

    /**
     * 获取微信服务器发来的信息
     */
    public function getRev()
    {
        if ($this->_receive) {
            return $this;
        }
        $postStr = !empty($this->postxml)?$this->postxml:file_get_contents("php://input");
        //兼顾使用明文又不想调用valid()方法的情况
        $this->log($postStr);
        if (!empty($postStr)) {
            $this->_receive = (array)simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA);
        }
        return $this;
    }

    /**
     * 获取微信服务器发来的信息
     */
    public function getRevData()
    {
        return $this->_receive;
    }
}

/**
 * 1.第三方回复加密消息给公众平台；
 * 2.第三方收到公众平台发送的消息，验证消息的安全性，并对消息进行解密。
 */
class WXBizMsgCrypt
{
    private $token;
    private $encodingAesKey;
    private $appId;

    /**
     * 构造函数
     * @param $token string 公众平台上，开发者设置的token
     * @param $encodingAesKey string 公众平台上，开发者设置的EncodingAESKey
     * @param $appId string 公众平台的appId
     */
    public function __construct($token, $encodingAesKey, $appId)
    {
        $this->token = $token;
        $this->encodingAesKey = $encodingAesKey;
        $this->appId = $appId;
    }

    /**
     * 将公众平台回复用户的消息加密打包.
     * <ol>
     *    <li>对要发送的消息进行AES-CBC加密</li>
     *    <li>生成安全签名</li>
     *    <li>将消息密文和安全签名打包成xml格式</li>
     * </ol>
     *
     * @param $replyMsg string 公众平台待回复用户的消息，xml格式的字符串
     * @param $timeStamp string 时间戳，可以自己生成，也可以用URL参数的timestamp
     * @param $nonce string 随机串，可以自己生成，也可以用URL参数的nonce
     * @param &$encryptMsg string 加密后的可以直接回复用户的密文，包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串,
     *                      当return返回0时有效
     *
     * @return int 成功0，失败返回对应的错误码
     */
    public function encryptMsg($replyMsg, $timeStamp, $nonce, &$encryptMsg)
    {
        $pc = new Prpcrypt($this->encodingAesKey);

        //加密
        $array = $pc->encrypt($replyMsg, $this->appId);
        $ret = $array[0];
        if ($ret != 0) {
            return $ret;
        }

        if ($timeStamp == null) {
            $timeStamp = time();
        }
        $encrypt = $array[1];

        //生成安全签名
        $sha1 = new SHA1;
        $array = $sha1->getSHA1($this->token, $timeStamp, $nonce, $encrypt);
        $ret = $array[0];
        if ($ret != 0) {
            return $ret;
        }
        $signature = $array[1];

        //生成发送的xml
        $xmlparse = new XMLParse;
        $encryptMsg = $xmlparse->generate($encrypt, $signature, $timeStamp, $nonce);
        return ErrorCode::$OK;
    }

    /**
     * 检验消息的真实性，并且获取解密后的明文.
     * <ol>
     *    <li>利用收到的密文生成安全签名，进行签名验证</li>
     *    <li>若验证通过，则提取xml中的加密消息</li>
     *    <li>对消息进行解密</li>
     * </ol>
     *
     * @param $msgSignature string 签名串，对应URL参数的msg_signature
     * @param $timestamp string 时间戳 对应URL参数的timestamp
     * @param $nonce string 随机串，对应URL参数的nonce
     * @param $postData string 密文，对应POST请求的数据
     * @param &$msg string 解密后的原文，当return返回0时有效
     *
     * @return int 成功0，失败返回对应的错误码
     */
    public function decryptMsg($msgSignature, $timestamp = null, $nonce, $postData, &$msg)
    {
        if (strlen($this->encodingAesKey) != 43) {
            return ErrorCode::$IllegalAesKey;
        }

        $pc = new Prpcrypt($this->encodingAesKey);

        //提取密文
        $xmlparse = new XMLParse;
        $array = $xmlparse->extract($postData);
        $ret = $array[0];

        if ($ret != 0) {
            return $ret;
        }

        if ($timestamp == null) {
            $timestamp = time();
        }

        $encrypt = $array[1];
        $touser_name = $array[2];

        //验证安全签名
        $sha1 = new SHA1;
        $array = $sha1->getSHA1($this->token, $timestamp, $nonce, $encrypt);
        $ret = $array[0];

        if ($ret != 0) {
            return $ret;
        }

        $signature = $array[1];
        if ($signature != $msgSignature) {
            return ErrorCode::$ValidateSignatureError;
        }

        $result = $pc->decrypt($encrypt, $this->appId);
        Di::getDefault()->get('logger')->info('decrypt result :' . json_encode($result));

        if ($result[0] != 0) {
            return $result[0];
        }

        $msg = $result[1];

        return ErrorCode::$OK;
    }
}

/**
 * PKCS7Encoder class
 *
 * 提供基于PKCS7算法的加解密接口.
 */
class PKCS7Encoder
{
    public static $block_size = 32;

    /**
     * 对需要加密的明文进行填充补位
     * @param $text 需要进行填充补位操作的明文
     * @return 补齐明文字符串
     */
    public function encode($text)
    {
        $block_size = PKCS7Encoder::$block_size;
        $text_length = strlen($text);
        //计算需要填充的位数
        $amount_to_pad = PKCS7Encoder::$block_size - ($text_length % PKCS7Encoder::$block_size);
        if ($amount_to_pad == 0) {
            $amount_to_pad = PKCS7Encoder::block_size;
        }
        //获得补位所用的字符
        $pad_chr = chr($amount_to_pad);
        $tmp = "";
        for ($index = 0; $index < $amount_to_pad; $index++) {
            $tmp .= $pad_chr;
        }
        return $text . $tmp;
    }

    /**
     * 对解密后的明文进行补位删除
     * @param decrypted 解密后的明文
     * @return 删除填充补位后的明文
     */
    public function decode($text)
    {
        $pad = ord(substr($text, -1));
        if ($pad < 1 || $pad > 32) {
            $pad = 0;
        }
        return substr($text, 0, (strlen($text) - $pad));
    }
}

/**
 * Prpcrypt class
 *
 * 提供接收和推送给公众平台消息的加解密接口.
 */
class Prpcrypt
{
    public $key;

    public function __construct($k)
    {
        $this->key = base64_decode($k . "=");
    }

    /**
     * 对明文进行加密
     * @param string $text 需要加密的明文
     * @return string 加密后的密文
     */
    public function encrypt($text, $appid)
    {
        try {
            //获得16位随机字符串，填充到明文之前
            $random = $this->getRandomStr();
            $text = $random . pack("N", strlen($text)) . $text . $appid;
            $iv = substr($this->key, 0, 16);
            $pkc_encoder = new PKCS7Encoder;
            $text = $pkc_encoder->encode($text);
            $encrypted = openssl_encrypt($text, 'AES-256-CBC', substr($this->key, 0, 32), OPENSSL_ZERO_PADDING, $iv);
            return [ErrorCode::$OK, $encrypted];
        } catch (Exception $e) {
            //print $e;
            return [ErrorCode::$EncryptAESError, null];
        }
    }

    /**
     * 对密文进行解密
     * @param string $encrypted 需要解密的密文
     * @return string 解密得到的明文
     */
    public function decrypt($encrypted, $appid)
    {
        Di::getDefault()->get('logger')->info('data:' . $encrypted . ' appid' . $appid);
        try {
            $iv = substr($this->key, 0, 16);
            $decrypted = openssl_decrypt(base64_decode($encrypted), 'AES-256-CBC', $this->key, OPENSSL_RAW_DATA, $iv);
            Di::getDefault()->get('logger')->info('new data:' . $decrypted . ' appid' . $appid);
        } catch (\Exception $e) {
            return [ErrorCode::$DecryptAESError, null];
        }

        try {
            //去除补位字符
            $pkc_encoder = new PKCS7Encoder();
            $result = $pkc_encoder->decode($decrypted);
            //去除16位随机字符串,网络字节序和AppId
            if (strlen($result) < 16) {
                return "";
            }
            $content = substr($result, 16, strlen($result));
            $len_list = unpack("N", substr($content, 0, 4));
            $xml_len = $len_list[1];
            $xml_content = substr($content, 4, $xml_len);
            $from_appid = substr($content, $xml_len + 4);
            Di::getDefault()->get('logger')->info('from_appid' . $from_appid . ' decrypt data xml:' . $xml_content);
        } catch (\Exception $e) {
            //print $e;
            return [ErrorCode::$IllegalBuffer, null];
        }
        if ($from_appid != $appid) {
            return [ErrorCode::$ValidateAppidError, null];
        }
        return [0, $xml_content];
    }
    /**
     * 随机生成16位字符串
     * @return string 生成的字符串
     */
    public function getRandomStr()
    {
        $str = "";
        $str_pol = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
        $max = strlen($str_pol) - 1;
        for ($i = 0; $i < 16; $i++) {
            $str .= $str_pol[mt_rand(0, $max)];
        }
        return $str;
    }
}

/**
 * XMLParse class
 *
 * 提供提取消息格式中的密文及生成回复消息格式的接口.
 */
class XMLParse
{

    /**
     * 提取出xml数据包中的加密消息
     * @param string $xmltext 待提取的xml字符串
     * @return string 提取出的加密消息字符串
     */
    public function extract($xmltext)
    {
        libxml_disable_entity_loader(true);
        try {
            $xml = new \DOMDocument();
            $xml->loadXML($xmltext);
            $array_e = $xml->getElementsByTagName('Encrypt');
            $array_a = $xml->getElementsByTagName('ToUserName');
            $array_appId = $xml->getElementsByTagName('AppId');
            $encrypt = $array_e->item(0)->nodeValue;
            $tousername = $array_a->length > 0 ? $array_a->item(0)->nodeValue : '';
            if (empty($tousername)) {
                $tousername = $array_appId->item(0)->nodeValue;
            }
            return [0, $encrypt, $tousername];
        } catch (\Exception $e) {
            //print $e . "\n";
            return [ErrorCode::$ParseXmlError, null, null];
        }
    }

    /**
     * 生成xml消息
     * @param string $encrypt 加密后的消息密文
     * @param string $signature 安全签名
     * @param string $timestamp 时间戳
     * @param string $nonce 随机字符串
     */
    public function generate($encrypt, $signature, $timestamp, $nonce)
    {
        $format = "<xml>
<Encrypt><![CDATA[%s]]></Encrypt>
<MsgSignature><![CDATA[%s]]></MsgSignature>
<TimeStamp>%s</TimeStamp>
<Nonce><![CDATA[%s]]></Nonce>
</xml>";
        return sprintf($format, $encrypt, $signature, $timestamp, $nonce);
    }
}

/**
 * error code 说明.
 * <ul>
 *    <li>-40001: 签名验证错误</li>
 *    <li>-40002: xml解析失败</li>
 *    <li>-40003: sha加密生成签名失败</li>
 *    <li>-40004: encodingAesKey 非法</li>
 *    <li>-40005: appid 校验错误</li>
 *    <li>-40006: aes 加密失败</li>
 *    <li>-40007: aes 解密失败</li>
 *    <li>-40008: 解密后得到的buffer非法</li>
 *    <li>-40009: base64加密失败</li>
 *    <li>-40010: base64解密失败</li>
 *    <li>-40011: 生成xml失败</li>
 * </ul>
 */
class ErrorCode
{
    public static $OK = 0;
    public static $ValidateSignatureError = -40001;
    public static $ParseXmlError = -40002;
    public static $ComputeSignatureError = -40003;
    public static $IllegalAesKey = -40004;
    public static $ValidateAppidError = -40005;
    public static $EncryptAESError = -40006;
    public static $DecryptAESError = -40007;
    public static $IllegalBuffer = -40008;
    public static $EncodeBase64Error = -40009;
    public static $DecodeBase64Error = -40010;
    public static $GenReturnXmlError = -40011;
}

/**
 * SHA1 class
 *
 * 计算公众平台的消息签名接口.
 */
class SHA1
{
    /**
     * 用SHA1算法生成安全签名
     * @param string $token 票据
     * @param string $timestamp 时间戳
     * @param string $nonce 随机字符串
     * @param string $encrypt 密文消息
     */
    public function getSHA1($token, $timestamp, $nonce, $encrypt_msg)
    {
        //排序
        try {
            $array = [$encrypt_msg, $token, $timestamp, $nonce];
            sort($array, SORT_STRING);
            $str = implode($array);
            return [ErrorCode::$OK, sha1($str)];
        } catch (Exception $e) {
            //print $e . "\n";
            return [ErrorCode::$ComputeSignatureError, null];
        }
    }
}
